Solved! Use MSIEXEC.VIR (Virus Expiro) Removal Guide

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Download UnHackMe
Fully Functional 30-day Trial. No credit card is required. Reviews. EULA. Privacy Policy.

MSIEXEC.VIR – Virus Expiro removal

File MD5 Virus Alias
MSIEXEC.VIR 32b30b2ea723d3aa40c645cabd99bb48 Virus Expiro
MSIEXEC.VIR 32b30b2ea723d3aa40c645cabd99bb48 Trojan Vilsel

MSIEXEC.VIR size: 275456 bytes
MSIEXEC.VIR hash: 32B30B2EA723D3AA40C645CABD99BB48

Created files:

C:\windows\system32\cisvc.vir
C:\windows\system32\clipsrv.vir
C:\windows\system32\dllhost.exe
C:\windows\system32\dmadmin.vir
C:\windows\system32\imapi.vir
C:\windows\system32\mnmsrvc.vir
C:\windows\system32\msdtc.exe
C:\windows\system32\msiexec.vir
C:\windows\system32\svchost.vir
%Temp%\1FAF3B.dmp

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\msiserver\Type: 20010000
HKLM\System\CurrentControlSet\Services\msiserver\Start: 02000000

Detected by UnHackMe:

MSIEXEC.VIR
Default location: %SYSDIR%\MSIEXEC.VIR

Dropper information:
MD5: 3592223a4d9b55b37ed52aaa95df9a26
File size: 221696 bytes

Leave a Reply